Red Hat Enterprise Linux 7 update for kernel-rt
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 11 |
| CVE-ID | CVE-2019-19532 CVE-2020-0427 CVE-2020-7053 CVE-2020-14351 CVE-2020-25211 CVE-2020-25645 CVE-2020-25656 CVE-2020-25705 CVE-2020-28374 CVE-2020-29661 CVE-2021-20265 |
| CWE-ID | CWE-787 CWE-125 CWE-416 CWE-119 CWE-319 CWE-330 CWE-22 CWE-667 CWE-400 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #8 is available. |
| Vulnerable software Subscribe |
kernel-rt (Red Hat package) Operating systems & Components / Operating system package or component Red Hat Enterprise Linux for Real Time Operating systems & Components / Operating system Red Hat Enterprise Linux for Real Time for NFV Operating systems & Components / Operating system |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 11 vulnerabilities.
1) Out-of-bounds write
EUVDB-ID: #VU24440
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2019-19532
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-tmff.c, and drivers/hid/hid-zpff.c. A local user with physical access can use a malicious USB device in the Linux kernel HID drivers, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
kernel-rt (Red Hat package): 3.10.0-229.1.2.rt56.141.2.el7_1 - 3.10.0-1160.2.2.rt56.1134.el7
Red Hat Enterprise Linux for Real Time: 7
Red Hat Enterprise Linux for Real Time for NFV: 7
Fixed software versionsCPE2.3 External links
http://access.redhat.com/errata/RHSA-2021:0857
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
2) Out-of-bounds read
EUVDB-ID: #VU47057
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2020-0427
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a use after free when processing files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
kernel-rt (Red Hat package): 3.10.0-229.1.2.rt56.141.2.el7_1 - 3.10.0-1160.2.2.rt56.1134.el7
Red Hat Enterprise Linux for Real Time: 7
Red Hat Enterprise Linux for Real Time for NFV: 7
Fixed software versionsCPE2.3 External links
http://access.redhat.com/errata/RHSA-2021:0857
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
3) Use-after-free
EUVDB-ID: #VU24711
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2020-7053
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the i915_ppgtt_close() function in drivers/gpu/drm/i915/i915_gem_gtt.c, related to i915_gem_context_destroy_ioctl() call in drivers/gpu/drm/i915/i915_gem_context.c. A local user can run a specially crafted application to execute arbitrary code on the system with elevated privileges.
Install updates from vendor's website.
kernel-rt (Red Hat package): 3.10.0-229.1.2.rt56.141.2.el7_1 - 3.10.0-1160.2.2.rt56.1134.el7
Red Hat Enterprise Linux for Real Time: 7
Red Hat Enterprise Linux for Real Time for NFV: 7
Fixed software versionsCPE2.3 External links
http://access.redhat.com/errata/RHSA-2021:0857
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
4) Use-after-free
EUVDB-ID: #VU51544
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2020-14351
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the perf subsystem. A local user with permission to monitor perf events cam corrupt memory and execute arbitrary code with elevated privileges.
Install updates from vendor's website.
kernel-rt (Red Hat package): 3.10.0-229.1.2.rt56.141.2.el7_1 - 3.10.0-1160.2.2.rt56.1134.el7
Red Hat Enterprise Linux for Real Time: 7
Red Hat Enterprise Linux for Real Time for NFV: 7
Fixed software versionsCPE2.3 External links
http://access.redhat.com/errata/RHSA-2021:0857
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
5) Buffer overflow
EUVDB-ID: #VU51545
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2020-25211
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local user to crash the system.
The vulnerability exists due to a boundary error within the ctnetlink_parse_tuple_filter() function in net/netfilter/nf_conntrack_netlink.c. A local user can inject conntrack netlink configuration, trigger buffer overflow and crash the kernel or force usage of incorrect protocol numbers.
MitigationInstall updates from vendor's website.
kernel-rt (Red Hat package): 3.10.0-229.1.2.rt56.141.2.el7_1 - 3.10.0-1160.2.2.rt56.1134.el7
Red Hat Enterprise Linux for Real Time: 7
Red Hat Enterprise Linux for Real Time for NFV: 7
Fixed software versionsCPE2.3 External links
http://access.redhat.com/errata/RHSA-2021:0857
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
6) Cleartext transmission of sensitive information
EUVDB-ID: #VU51546
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2020-25645
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to traffic passed between two Geneve endpoints with configured IPsec can be unencrypted for the specific UDP port. A remote attacker with ability to intercept network traffic can gain access to sensitive data.
MitigationInstall updates from vendor's website.
kernel-rt (Red Hat package): 3.10.0-229.1.2.rt56.141.2.el7_1 - 3.10.0-1160.2.2.rt56.1134.el7
Red Hat Enterprise Linux for Real Time: 7
Red Hat Enterprise Linux for Real Time for NFV: 7
Fixed software versionsCPE2.3 External links
http://access.redhat.com/errata/RHSA-2021:0857
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
7) Use-after-free
EUVDB-ID: #VU51547
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2020-25656
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a use-after-free error in the way the console subsystem uses KDGKBSENT and KDSKBSENT IOCTLs. A local user can run a specially crafted program to trigger an out-of-bounds read and gain access to sensitive information.
Install updates from vendor's website.
kernel-rt (Red Hat package): 3.10.0-229.1.2.rt56.141.2.el7_1 - 3.10.0-1160.2.2.rt56.1134.el7
Red Hat Enterprise Linux for Real Time: 7
Red Hat Enterprise Linux for Real Time for NFV: 7
Fixed software versionsCPE2.3 External links
http://access.redhat.com/errata/RHSA-2021:0857
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
8) Use of insufficiently random values
EUVDB-ID: #VU49150
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2020-25705
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.
MitigationInstall updates from vendor's website.
kernel-rt (Red Hat package): 3.10.0-229.1.2.rt56.141.2.el7_1 - 3.10.0-1160.2.2.rt56.1134.el7
Red Hat Enterprise Linux for Real Time: 7
Red Hat Enterprise Linux for Real Time for NFV: 7
Fixed software versionsCPE2.3 External links
http://access.redhat.com/errata/RHSA-2021:0857
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
9) Path traversal
EUVDB-ID: #VU49914
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2020-28374
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote user to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in drivers/target/target_core_xcopy.c in the Linux kernel. A remote user with access to iSCSI LUN can send a specially crafted XCOPY request and read or write arbitrary files on the system.
Install updates from vendor's website.
kernel-rt (Red Hat package): 3.10.0-229.1.2.rt56.141.2.el7_1 - 3.10.0-1160.2.2.rt56.1134.el7
Red Hat Enterprise Linux for Real Time: 7
Red Hat Enterprise Linux for Real Time for NFV: 7
Fixed software versionsCPE2.3 External links
http://access.redhat.com/errata/RHSA-2021:0857
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
10) Improper locking
EUVDB-ID: #VU51543
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2020-29661
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local user to perform a escalate privileges on the system.
The vulnerability exists due to locking error in the tty subsystem of the Linux kernel in drivers/tty/tty_jobctrl.c. An local user can exploit this vulnerability to trigger a use-after-free error against TIOCSPGRP and execute arbitrary code with elevated privileges.
Install updates from vendor's website.
kernel-rt (Red Hat package): 3.10.0-229.1.2.rt56.141.2.el7_1 - 3.10.0-1160.2.2.rt56.1134.el7
Red Hat Enterprise Linux for Real Time: 7
Red Hat Enterprise Linux for Real Time for NFV: 7
Fixed software versionsCPE2.3 External links
http://access.redhat.com/errata/RHSA-2021:0857
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
11) Resource exhaustion
EUVDB-ID: #VU51548
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-20265
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
kernel-rt (Red Hat package): 3.10.0-229.1.2.rt56.141.2.el7_1 - 3.10.0-1160.2.2.rt56.1134.el7
Red Hat Enterprise Linux for Real Time: 7
Red Hat Enterprise Linux for Real Time for NFV: 7
Fixed software versionsCPE2.3 External links
http://access.redhat.com/errata/RHSA-2021:0857
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
